Loading...
Latest news
COVID19-Effet de loupe et biais de sélection
COVID19 70-80% des morts sont vaccinés
COVID19 Le confinement est inutile
700 Films Gatuits
COVID19 Simulation confinement
système

Fork Bomb limiter les process ulimit

Jordi -

La fork bomb est une forme d’attaque par déni de service contre un système informatique utilisant la fonction fork. Elle est basée sur la supposition que le nombre de programmes et de processus pouvant être exécutés simultanément sur un ordinateur est limité.

Une fork bomb fonctionne en créant un grand nombre de processus très rapidement afin de saturer l’espace disponible dans la liste des processus gardée par le système d’exploitation. Si la table des processus se met à saturer, aucun nouveau programme ne peut démarrer tant qu’aucun autre ne termine. Même si cela arrive, il est peu probable qu’un programme utile démarre étant donné que les instances de la bombe attendent chacune d’occuper cet emplacement libre.

Non seulement les fork bombs utilisent de la place dans la table des processus, mais elles utilisent chacune du temps processeur et de la mémoire. En conséquence, le système et les programmes tournant à ce moment-là ralentissent et deviennent même impossibles à utiliser.

Les fork bomb peuvent être considérées comme un certain type de wabbit (un programme qui s’autoréplique sans utiliser de réseau). (Wikipedia)

Comment se protéger d’une telle attaque sous Linux Unix?

Il faut limiter le nombre de process des utilisateurs. Dans le fichier /etc/security/limits.conf on configure les limitations.
Description du fichier /etc/security/limits.conf

Each line describes a limit for a user in the form:

Where:

can be:
an user name
a group name, with @group syntax
the wildcard *, for default entry
the wildcard %, can be also used with %group syntax, for maxlogin limit
can have the two values:
« soft » for enforcing the soft limits
« hard » for enforcing hard limits
can be one of the following:
core – limits the core file size (KB)
can be one of the following:
core – limits the core file size (KB)
data – max data size (KB)
fsize – maximum filesize (KB)
memlock – max locked-in-memory address space (KB)
nofile – max number of open files
rss – max resident set size (KB)
stack – max stack size (KB)
cpu – max CPU time (MIN)
nproc – max number of processes
as – address space limit
maxlogins – max number of logins for this user
maxsyslogins – max number of logins on the system
priority – the priority to run user process with
locks – max number of file locks the user can hold
sigpending – max number of pending signals
msgqueue – max memory used by POSIX message queues (bytes)
nice – max nice priority allowed to raise to
rtprio – max realtime priority
chroot – change root to directory (Debian-specific)

Se connecter en root et éditer le fichier:
# vi /etc/security/limits.conf
Exemple pour éviter un « fork bomb »:

@student hard nproc 50
@faculty soft nproc 100
@pusers hard nproc 200

Il faut ensuite rebooter le serveur. On peut aussi utiliser ulimit pour la session active.
Cette commande permet de définir différents paramètres (soft : modifiables, et hard : non modifiables) pour la gestion de la mémoire et des processus.

Ainsi, dans notre cas, on utilise ulimit de la façon suivante :
Exemple limiter à 30 process les utilisateurs :
# ulimit -u 30
Pour vérifier et lister les limites prises en compte :
# ulimit -a

max user processes (-u) 30

On peut utiliser ulimit pour d’autres paramètres.
Augmenter la stack size. La valeur à indiquer est en Kb.
Si vous avez des programmes qui déclarent de gros tableaux, vous pouvez changer la valeur de la stack size qui est de 8MB par défaut (vous avez besoin d’être super-user) :
# ulimit -s
8192

# ulimit -s 32768

# ulimit -s
32768

Il est aussi possible de fixer les limites soft et hard de façon manuelle. La limite hard n’étant modifiable qu’une seul fois par session, et limitant aussi la limite soft.

Pour modifier la limite soft :
ulimit -S -m 800000

Pour la limite hard :
ulimit -H -m 800000

Sachez toutefois que ces limites ne sont fixés que pour la session courante, il faut donc modifier votre fichier /etc/security/limits.conf

94 comments
  1. supreme hoodie

    I simply desired to appreciate you once more. I am not sure the things I would’ve achieved in the absence of the actual techniques documented by you directly on my industry. It had been a frightening condition in my view, but considering a new well-written technique you solved it took me to weep for joy. I am just grateful for the support and believe you recognize what a great job that you are undertaking teaching men and women using your webpage. I am certain you haven’t encountered all of us.

  2. lebron 18

    I want to convey my passion for your generosity for people that really want assistance with in this question. Your special dedication to passing the solution up and down had been extraordinarily informative and has all the time made girls like me to achieve their endeavors. Your entire warm and helpful publication indicates so much to me and much more to my peers. Best wishes; from all of us.

  3. yeezy wave runner 700

    I wish to show my respect for your kindness for those people who really need assistance with your study. Your special commitment to getting the solution across had been extraordinarily informative and has regularly allowed regular people just like me to arrive at their goals. This warm and helpful useful information entails a great deal to me and extremely more to my colleagues. Warm regards; from everyone of us.

  4. a bathing ape

    I’m writing to let you know of the really good experience my wife’s daughter encountered browsing your blog. She discovered several things, with the inclusion of how it is like to have an excellent giving mindset to have men and women without problems grasp a number of problematic matters. You truly did more than our own expected results. I appreciate you for imparting the useful, healthy, edifying as well as unique thoughts on the topic to Ethel.

  9. paul george shoes

    I wanted to send you one very small observation so as to say thanks once again for your personal magnificent basics you’ve documented above. This has been certainly pretty generous of you to give unhampered what a number of people would’ve offered for sale for an ebook in making some dough for themselves, particularly considering that you could have tried it if you wanted. Those creative ideas as well worked to become a easy way to recognize that other people online have the same passion just as mine to figure out a great deal more in terms of this issue. I am certain there are several more pleasurable situations ahead for people who see your blog.

  11. kyrie shoes

    I must get across my gratitude for your kindness for individuals that absolutely need help with this important content. Your personal commitment to passing the message along ended up being pretty helpful and has surely permitted some individuals much like me to attain their endeavors. Your personal important hints and tips denotes a lot a person like me and extremely more to my office colleagues. Best wishes; from each one of us.

  25. russell westbrook shoes

    I as well as my friends ended up studying the good information and facts on your website and then at once developed a horrible feeling I had not expressed respect to you for those techniques. My ladies are actually totally happy to read them and have in effect in actuality been enjoying them. Appreciation for really being well kind and then for getting some brilliant things most people are really wanting to be aware of. Our sincere apologies for not saying thanks to earlier.

  26. bape

    I wish to get across my love for your kindness giving support to those people that have the need for help on this one idea. Your special commitment to passing the message all over turned out to be particularly valuable and have in most cases allowed professionals much like me to achieve their aims. Your new interesting guide signifies a whole lot a person like me and still more to my office workers. Thanks a ton; from everyone of us.

  27. kd 12

    I am also writing to make you understand what a beneficial discovery my daughter found checking your blog. She came to find lots of details, not to mention what it’s like to have an awesome helping mood to let the rest with no trouble comprehend chosen advanced matters. You really exceeded her desires. I appreciate you for churning out such warm and friendly, trustworthy, edifying as well as easy thoughts on the topic to Evelyn.

  28. kawhi leonard shoes

    I’m commenting to let you understand what a wonderful encounter my cousin’s princess developed reading yuor web blog. She discovered so many issues, which included what it is like to possess a marvelous giving character to get the rest smoothly grasp a variety of grueling subject matter. You actually did more than people’s desires. I appreciate you for offering those interesting, healthy, informative and even fun guidance on your topic to Emily.

  35. off white hoodie

    I simply wanted to thank you so much all over again. I’m not certain what I would have undertaken without the actual methods discussed by you about this theme. This was the distressing matter in my position, however , seeing the well-written way you handled it took me to weep over joy. I am grateful for this information and even sincerely hope you find out what a great job you are always getting into educating the others with the aid of your websites. Most probably you haven’t met any of us.

  36. golden goose

    I have to voice my love for your kind-heartedness giving support to women who have the need for guidance on in this area. Your personal dedication to getting the solution throughout appears to be especially beneficial and have usually helped many people just like me to arrive at their endeavors. Your amazing warm and friendly tips and hints implies a great deal to me and still more to my fellow workers. Regards; from each one of us.

  38. curry shoes

    Needed to put you this tiny observation to give many thanks yet again with the nice strategies you’ve featured on this site. This has been so tremendously open-handed with you to offer easily what exactly numerous people might have supplied for an electronic book in order to make some cash for their own end, notably considering that you could have done it if you ever wanted. The tactics additionally served to be the fantastic way to understand that someone else have the identical desire similar to my very own to realize good deal more when it comes to this condition. I’m sure there are numerous more fun occasions in the future for folks who check out your site.

  40. off white

    I would like to express my appreciation to the writer just for rescuing me from this particular problem. As a result of checking through the internet and finding techniques which are not productive, I thought my life was over. Being alive minus the solutions to the issues you have resolved through the review is a serious case, and the kind which may have adversely affected my career if I hadn’t come across the blog. Your own personal competence and kindness in dealing with the whole thing was invaluable. I don’t know what I would’ve done if I hadn’t discovered such a step like this. I can at this time relish my future. Thank you very much for the skilled and result oriented guide. I will not be reluctant to refer the sites to any person who will need support about this problem.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée.